WEB HOSTING SUPPORT NETWORK
     
 

Key-based authentication

This article will guide you in creating and using an SSH key to log in to your account on our servers. First, you need to generate the public and private key pair. In this article, we will show you how to do that using the shell and using the control panel. Then, you need to copy the private key to your computer, or other device you will be connecting from.

If you wish, you can then disable the SSH password authentication for the account using the SSH section in the hosting Control Panel as described in our SSH Access article.

Importing an already generated key

If you have generated your public key/private key pair on your local computer or on another server, you can use the Import an existing public key subsection of the hosting Control Panel's SSH Access section to import the public key to the server. 

Supported key types

On our servers, RSA, ECDSA, and ED25519 keys are supported. We do not support the now obsolete DSA keys. The SSH keys management interface in the hosting control panel supports RSA and ED25519 keys. The interface reads and writes to the authorized_keys file. It does not support the authorized_keys2 file. We recommend that you store your keys in the authorized_keys file to ensure future compatibility with the server software.

Generating SSH keys using the Control Panel

Open the SSH Access section of the hosting Control Panel. There, you need to use the Generate a new private/public key pair subsection.

control-panel-ssh-keygen-form.png

Specifying a passphrase is optional, but highly recommended. It will improve the security of your account. You will need to unlock the private key on each computer with that passphrase, so if someone steals the private key, they won't be able to log in to the account with it. You can also enter an optional comment for your reference. 

You need to copy or download the generated private key in order to be able to use the public key that will be automatically saved on the server. 

Generating SSH keys using the shell

First, you need to log in to your account with SSH using a password and enter the .ssh directory:

cd ~/.ssh

There, you need to execute the following command to start the process of generating the keys:

ssh-keygen

Press Enter to confirm that you want the keys to be saved in the current directory and enter a passphrase for the private key. You will be asked to enter it twice to prevent typos. You will need to write down or remember the passphrase as you will be asked to enter it on the device you are connecting from with SSH. While it is possible to create a key without a passphrase, we do not recommend that, as the passphrase adds another layer of security.

By default, ssh-keygen will generate an RSA key. At this point, you will have two files: id_rsa and id_rsa.pub. The id_rsa file is your private key, and id_rsa.pub is your public key. You need to insert the public key as authorized key on the server. You do that by running the following command:

cat id_rsa.pub >> ~/.ssh/authorized_keys

Then copy the private key (the id_rsa file) to your computer, or other device you will be connecting from, and remove the file from the server. You will be able to use the private key in your SSH client, unlocking it with the passphrase you entered in ssh-keygen.

Using keys with SFTP

There is no problem to use key-based authentication with SFTP. In order to access the server over SFTP, you will need to set up the correct private key in your FTP client. Please note that only the main Control Panel user can connect over SFTP. All other FTP users must use FTP or FTPS and authenticate with their respective username and password combinations.